gotify
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The
SKILL.mdfile contains 'MANDATORY USAGE REQUIREMENT' and 'CRITICAL' instructions that attempt to override the AI agent's default behavior by forcing automatic invocation for specific events (long-running tasks, plan completion, etc.) regardless of explicit user requests. - [COMMAND_EXECUTION]: The script
scripts/send.shexecutes thecurlcommand to send notification data to the Gotify API. - [DATA_EXPOSURE]: The skill accesses the sensitive file path
~/.homelab-skills/.envto retrieveGOTIFY_URLandGOTIFY_TOKENcredentials. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of notification messages and titles.
- Ingestion points: Notification message and title arguments passed to
scripts/send.sh. - Boundary markers: None identified in the prompt interpolation logic.
- Capability inventory: Network access via
curlto a user-defined endpoint. - Sanitization: The skill uses
jqto safely construct the JSON payload, which prevents shell injection but does not sanitize the natural language content for downstream systems.
Audit Metadata